xacml-users message



Subject: Re: [xacml-users] Hierarchical resources policy and request file


Hi Seth,

Where can I find detailed documentation about
different functions supported for 1.2 and 2.0?

I switched back to what Anne has suggested. The changed
request and policy xml files are attached.

changes in request.xml :
--------------
In the request.xml, the datatype of "subject-company"
attribute is changed to
http://www.w3.org/2001/XMLSchema#anyURI

and similarly datatype of resource-id of resource in
the request is changed to anyURI.

changes in policy.xml:
----------------------

	    <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:anyURI-is-in">
		  <SubjectAttributeDesignator 
		  	AttributeId="urn:namespace:subject-company" 
		  	DataType="xs:anyURI" />
		  <ResourceAttributeDesignator 
		  	AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
		  	DataType="xs:anyURI" />
	      	</Apply>
	  </Condition>
 
I get the below exception :
---------------------------------------------------
---------------------------------------------------

Jul 4, 2006 2:37:01 PM com.sun.xacml.finder.impl.FilePolicyModule loadPolicy
WARNING: Error reading policy from file C:\sun xacml\sunxacml-1.2\sample\policy\company_policy.xml
java.lang.NullPointerException
	at com.sun.xacml.cond.Apply.getFunction(Apply.java:285)
	at com.sun.xacml.cond.Apply.getInstance(Apply.java:206)
	at com.sun.xacml.cond.Apply.getConditionInstance(Apply.java:170)
	at com.sun.xacml.Rule.getInstance(Rule.java:181)
	at com.sun.xacml.Policy.<init>(Policy.java:215)
	at com.sun.xacml.Policy.getInstance(Policy.java:237)
	at com.sun.xacml.finder.impl.FilePolicyModule.loadPolicy(FilePolicyModule.java:321)
	at com.sun.xacml.finder.impl.FilePolicyModule.init(FilePolicyModule.java:218)
	at com.sun.xacml.finder.PolicyFinder.init(PolicyFinder.java:141)
	at com.sun.xacml.PDP.<init>(PDP.java:107)
	at SimplePDP.<init>(SimplePDP.java:211)
	at SimplePDP.main(SimplePDP.java:312)

---------------------------------------------------
---------------------------------------------------


Thanks,
Dhirendra Sharma


--- Seth Proctor <Seth.Proctor@sun.com> wrote:

> 
> Hi Dhirendra. The problem is that your Condition
> function (string-is-in) takes a bag and a string,
> but you've passed it two bags. Try fixing that and
> let me know what happens.
> 
> 
> seth
> 
> 


<?xml version="1.0" encoding="UTF-8"?>

<Request
      xmlns="urn:oasis:names:tc:xacml:1.0:context"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="urn:oasis:names:tc:xacml:1.0:context
        cs-xacml-schema-context-01.xsd">

    <Subject>
        <Attribute
              AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
              DataType="http://www.w3.org/2001/XMLSchema#string">
              <AttributeValue>xmic001</AttributeValue>
        </Attribute>

	<Attribute AttributeId="group"
               DataType="http://www.w3.org/2001/XMLSchema#string">
	       <AttributeValue>WCM-Release-Car</AttributeValue> <!-- User group from LDAP -->
    	</Attribute>

	<Attribute AttributeId="subject-company"
               DataType="http://www.w3.org/2001/XMLSchema#anyURI">
	       <AttributeValue>18021</AttributeValue>  <!-- Top level company that this belongs to from LDAP -->
    	</Attribute>


	<!-- Get all the tree starting from 18021 and below -->    	
    	<!-- 
    	
    	<Attribute AttributeId="urn:namespace:subject-company-level"
	       DataType="http://www.w3.org/2001/XMLSchema#string">
	      <AttributeValue>TREE</AttributeValue> 
	</Attribute>
	
	-->

    </Subject>

    <Resource>
        <Attribute
              AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
              DataType="http://www.w3.org/2001/XMLSchema#anyURI">
              <AttributeValue>180822</AttributeValue>    <!-- Company to be read -->
        </Attribute>

   <!--
    	<Attribute
	        AttributeId="urn:oasis:names:tc:xacml:1.0:resource:scope"
	        DataType="http://www.w3.org/2001/XMLSchema#string">
	        <AttributeValue>Descendants</AttributeValue>  
	</Attribute>
     -->
    </Resource>

    <Action>
        <Attribute
              AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
              DataType="http://www.w3.org/2001/XMLSchema#string">
            <AttributeValue>ReleaseCar</AttributeValue>
        </Attribute>
    </Action>

</Request>
<?xml version="1.0" encoding="UTF-8"?>
<Policy xmlns="urn:oasis:names:tc:xacml:1.0:policy"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        PolicyId="WCM-Release-Car_Policy"
        RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides">

  <Description> 
        Sample tree  :
        
        		 180820
        		/       \
		      180821   180822	      
		     /       \
		  180823   180824	      		     
      
  </Description>

<!--  ===============================================================================================  -->
  <Target>
       <Subjects>
            <AnySubject/>
       </Subjects>

       <Resources>
            <AnyResource/>
       </Resources>

       <Actions>
	   <AnyAction/>
       </Actions>
  </Target>

  <!--  ===============================================================================================  -->

	<Rule RuleId="WCMReleaseCarRule1" Effect="Permit">
	
	<Target>
	       <Subjects>
	            <AnySubject/>
	       </Subjects>
	
	       <Resources>
	            <AnyResource/>
	       </Resources>
	
	       <Actions>
		   <AnyAction/>   
	       </Actions>
	</Target>
	
  	  <Condition>
	    <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:anyURI-is-in">
		  <SubjectAttributeDesignator 
		  	AttributeId="urn:namespace:subject-company" 
		  	DataType="xs:anyURI" />
		  <ResourceAttributeDesignator 
		  	AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"  
		  	DataType="xs:anyURI" />
	      	</Apply>
	  </Condition>
 
 	</Rule> 

<!--  ===============================================================================================  -->
	
</Policy>
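
A pre-load lint for the kind of policy/request mismatch discussed in this thread, added here as an example; it is not part of the original message or of sunxacml. The `lint` function and its finding codes are hypothetical names, and the sample documents are trimmed from the attachments above.

```python
import xml.etree.ElementTree as ET

P = "{urn:oasis:names:tc:xacml:1.0:policy}"
C = "{urn:oasis:names:tc:xacml:1.0:context}"

# Constructed sample: the Condition and the two request attributes from the
# attachments above, trimmed to the parts the checks look at.
POLICY = """<Policy xmlns="urn:oasis:names:tc:xacml:1.0:policy" PolicyId="p"
  RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides">
 <Rule RuleId="r" Effect="Permit"><Condition>
  <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:anyURI-is-in">
   <SubjectAttributeDesignator AttributeId="urn:namespace:subject-company" DataType="xs:anyURI"/>
   <ResourceAttributeDesignator DataType="xs:anyURI"
     AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"/>
  </Apply></Condition></Rule></Policy>"""
REQUEST = """<Request xmlns="urn:oasis:names:tc:xacml:1.0:context">
 <Subject><Attribute AttributeId="subject-company" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
  <AttributeValue>18021</AttributeValue></Attribute></Subject>
 <Resource><Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
   DataType="http://www.w3.org/2001/XMLSchema#anyURI">
  <AttributeValue>180822</AttributeValue></Attribute></Resource></Request>"""

def lint(policy_xml, request_xml):
    """Return (code, detail) findings for an XACML 1.0 policy/request pair."""
    policy, request = ET.fromstring(policy_xml), ET.fromstring(request_xml)
    supplied = {a.get("AttributeId") for a in request.iter(C + "Attribute")}
    findings = []
    for el in policy.iter():
        tag = el.tag.replace(P, "")
        fn = el.get("FunctionId")
        if tag in ("Condition", "Apply") and fn is None:
            # The XACML 1.0 schema types Condition as ApplyType: FunctionId is required.
            findings.append(("missing-function-id", tag))
        args = list(el)
        if fn and fn.endswith("-is-in") and args and args[0].tag.endswith("AttributeDesignator"):
            # type-is-in takes (value, bag); a designator always evaluates to a bag.
            findings.append(("bag-as-first-arg", fn.rsplit(":", 1)[1]))
        if tag.endswith("AttributeDesignator"):
            dt, attr = el.get("DataType", ""), el.get("AttributeId")
            if not dt.startswith(("http://", "urn:")):
                # Heuristic: standard XACML data-type identifiers are full URIs, not prefixed names.
                findings.append(("datatype-not-full-uri", dt))
            if attr not in supplied:
                # Warning only: a PDP may also obtain attributes from an attribute finder.
                findings.append(("attribute-not-in-request", attr))
    return findings

if __name__ == "__main__":
    for code, detail in lint(POLICY, REQUEST):
        print(f"{code}: {detail}")
```

Running a check like this before handing a policy to the PDP turns a load-time stack trace into a named finding per element.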

